University of Wyoming
Division of Information Technology
Ask IT Help Documents
Spam has grown into a massive problem – not just at UW but nation-wide. Studies estimate that spam represents between 40 and 60 percent of all email. The spam problem is a difficult one to solve. Although spam filtering software is well developed, even the most sophisticated software occasionally misreads some legitimate messages, treating them like spam. Techniques used by spammers to evade spam filtering software are constantly evolving, as are the rules used to detect the spam. Users can expect to see some ebb and flow in the proportion of spam that is identified by filtering as spammers try new approaches, followed by updates to the filtering software to address those approaches.
Information Technology has reviewed various software alternatives to help reduce the flow of spam into the campus community. Based on available support, features, and cost, the IT anti-spam committee has chosen to provide Sophos Puremessage software on the central email gateway servers to help users manage spam. All email coming into campus from known spammer mail servers is rejected. By default, remaining email suspected to be spam is quarantined, and a daily email and a Web interface are provided to users for spam management. Optionally, users can instead have suspect messages marked as spam and delivered and then use email client rules to manage them or can opt-out altogether from central email gateway spam management.
Information Technology provides several services on the central email gateway servers to help manage spam at UW:
Blocking (Blacklisting) Known Spammer Email
UW uses Message Transfer Agent (MTA) level IP blocking from Sophos to help combat spam by rejecting messages originating from known spammer IP addresses, so they never reach user inboxes. The addresses are blocked, or blacklisted, by the Sophos software and other blacklisting services. The catalog of blacklisted IP addresses is updated frequently throughout each day.
Any email that is rejected by UW’s blacklist will be returned to the sender with an explanatory error message, so that senders who are inadvertently blocked can contact us for assistance.
As with all anti-spam systems, none are perfect. It is possible that some email from blacklisted sites should be allowed. Information Technology maintains a centrally managed address list of IP addresses that should not be blocked from the UW network (whitelisted sites). If you encounter problems with improperly blocked email from IP addresses identified as spam, you may request that the address be unblocked (whitelisted). To request that an email address be added to the central whitelist, send the address and reason to firstname.lastname@example.org.
Quarantining Suspected Spam Email and Providing a Daily Spam Digest
PureMessage from Sophos provides UW the ability to quarantine suspected spam email, which is then sent to the user in a single daily spam email (digest) that lists each suspected message, the time it was sent, and the probability that it is spam. The user can easily release any or all of the suspected email messages to their Inbox. Additionally, through a Web interface at www.uwyo.edu/uwspam, the user can customize their filtering options, review messages, release messages to their Inbox, approve a sender and add them to their own personal whitelist, and delete messages from the Blocked Messages page. A UWSPAM Quarantine spam email will only be sent to a user if there has been suspect spam quarantined for that user since the last UWSPAM
Quarantine email was processed.
Tagging and Filtering Suspected Spam Email
If a user would rather receive all suspected spam email rather than viewing it in a quarantine digest, PureMessage from Sophos also allows UW to tag suspected spam email, which then helps a user filter out the unwanted emails once they reach their Inbox.
Mail identified as possible spam is tagged in the Subject line with [SPAM-H], [SPAM-M], or [SPAM-L] depending on whether their probability of being spam is High, Medium, or Low. Users can then sort or filter their email by the Subject line content to more easily review and delete the unwanted emails. See How to Create a Rule in Microsoft Outlook to Manage SPAM email (www.uwyo.edu/askit/displaydoc.asp?askitdocid=227&parentid=1) for assistance with the creation of a spam filtering rule based on Subject content.
Additionally, with this option, each message is modified to include specific information in the Internet header that can be used to configure filters in Outlook or other email applications. See How to Create a Rule in Microsoft Outlook to Manage Spam email (based on Internet header information) (www.uwyo.edu/askit/displaydoc.asp?askitdocid=155&parentid=1) for assistance in creating a spam filtering rule based on Internet header information.
Users may notice some email messages that are tagged as spam are actually emails they want to receive . Filtering can be configured to separate these desired emails from the unwanted emails by setting up personal Exception List or whitelist rules in a user's email application. See How to Create an Exception Rule in Microsoft Outlook (www.uwyo.edu/askit/displaydoc.asp?askitdocid=230&parentid=1) for assistance.
Tagging and Filtering Suspected Spam email
You can opt out of spam tagging through the UW SPAM Blocking site (www.uwyo.edu/uwspam). Click Options, in the Options box, in the Mail-Filtering Preferences section, select the Disable all spam tagging and blocking for my messages check box, and click Save.
Tagging and Filtering Suspected Spam email
You can opt in to spam tagging through the UW SPAM Blocking site (www.uwyo.edu/uwspam). Click Options, in the Options box, in the Mail-Filtering Preferences section, clear the Disable all spam tagging and blocking for my messages check box, clear the Notify me periodically of messages that have been blocked check box, and click Save.
The PureMessage filtering software applies a series of tests to each incoming email. This series of tests determines the probability that a particular message is spam.
If a user is taking part in UWSPAM Quarantining, emails with a probability rate of at least 20% and less than 50%, display this information in the Internet Headers section of each email. For users taking part in UW Spam Tagging, emails with a probability rate of at least 20% display this information in the Internet Headers section of each email. The Internet Headers section of each email lists the probability that an email may be spam in percentage format (i.e. 50%) and as a series of X's, with each X representing 10% (i.e. XXXXX for 50%). See How to Create Folders and Rules for Moving Messages in Microsoft Outlook (www.uwyo.edu/askit/displaydoc.asp?askitdocid=155&parentid=1) for assistance with the creation of a spam filtering rule based on the Internet Header information.
If a user has chosen to take part in only the UW Spam Tagging service, emails with a probability of 50% or greater are also tagged in the Subject line with [SPAM-H], [SPAM-M], or [SPAM-L] depending on whether their probability of being spam is High, Medium, or Low. Users can then sort or filter their email by the Subject line content to more easily review and delete the unwanted emails. See How to Create Folders and Rules for Moving Messages in Microsoft Outlook (www.uwyo.edu/askit/displaydoc.asp?askitdocid=227&parentid=1) for assistance with the creation of a spam filtering rule based on the Subject line content.
First, verify the emails are not in any folders that you have spam email filtered into or the UW SPAM Blocking site (www.uwyo.edu/uwspam) if you are using UWSPAM quarantining. If you find that the email has been quarantined, you can easily approve the message and the sender, which will protect the sender's future emails from being quarantined.
If the email does not appear to have ever reached your account, it is possible that it may have been blocked at the email gateway by MTA level IP blocking. First, contact the sender to see if this may be the case. Any email that is rejected from UW’s blacklist will be returned to the sender with an explanatory error message, so that senders who are inadvertently blocked are aware of this and can contact us for assistance.
If it does appear that the messages were blocked by UW, you may request that the address be unblocked (whitelisted). To request that an address be added to the central whitelist, send the address and reason to email@example.com.
Central email gateway spam services currently log but do not block
outgoing suspect spam messages.
If an email you sent has not been received, email firstname.lastname@example.org and provide the recipient(s) addresses and the time and date you sent the email. If you have received a notice indicating the email was delayed or rejected, include it when you contact email@example.com.
This will depend on the service that is blocking the email.
If the email is showing up in your UWSPAM Quarantine digest, you can approve the message and the sender through the UW SPAM Blocking site (www.uwyo.edu/uwspam), which will whitelist the sender for future mailings.
If the message is blocked at the gateway by MTA level IP blocking, send an email to UserHelp@uwyo.edu with the sender's email address and the reason that the sender should be whitelisted. If possible, also provide the notice received by the sender that indicates the message was blocked.
If the message is being filtered into the Junk email folder by a rule you have created in Microsoft Outlook, you can create an Exception Rule to whitelist this sender. See How to Create an Exception Rule in Microsoft Outlook (www.uwyo.edu/askit/displaydoc.asp?askitdocid=230&parentid=1)for assistance.
If you are using the Junk email filter in your email application, and the message is being filtered into the Junk email folder, add the sender's address to the Safe Senders list.
Users can assist IT with spam blocking by sending IT emails they feel are either mistagged or untagged as spam.
If a user receives an email that is not tagged or blocked as spam, they can send the email in question as an attachment to firstname.lastname@example.org. Likewise, email that is mis-tagged or blocked as spam (in the user's opinion) when it is not can be sent as an attachment to email@example.com.
The original untagged/mistagged emails must be sent as attachments and not just forwarded on. Once received, they will be sent on to Sophos for analysis.
To send the untagged/mistagged email as an attachment, in Microsoft Outlook,
UWSPAM Quarantine emails can be filtered into your Junk email or another folder depending on your email application settings and rules.
To avoid having the UWSPAM quarantine emails moved to the Junk email folder by your application's built-in Junk email filters, add firstname.lastname@example.org to your Safe Senders list. In Microsoft Outlook 2003, you can do this by right-clicking any of the UWSPAM quarantine email messages, clicking Junk email, and clicking Add Sender to Safe Senders List.
If the UWSPAM quarantine emails are being moved to the Junk email folder by a rule you have created, you will need to create an Exception Rule to prevent this. See How to Create an Exception Rule in Microsoft Outlook (www.uwyo.edu/askit/displaydoc.asp?askitdocid=230&parentid=1) for assistance in making a rule that will keep this address from being moved to the Junk email folder in Microsoft Outlook 2000, 2002, and 2003.
Also see Why can't I click on the links in the UWSPAM quarantined email messages I receive? (www.uwyo.edu/askit/displaydoc.asp?askitdocid=1202&parentid=1)
Some versions of Microsoft Outlook have an anti-phishing feature in place that may restrict you from automatically clicking links within an email message. When you click a link, you will recieve the message that "Some links in this message might connect to unsafe or fraudulent sites. To help protect your security, links have been turned off in this message. Click the info bar for options to turn on links in this message."
In order to reach the Web site or address by clicking the link, click the information bar at the top of the email, and click Turn on Links (not recommended). This will need to be done each time you receive an email that has disabled links. If a user is ever in doubt as to the security of a link within in an email, they should not click the link but rather open a browser window and manually type the URL.
Microsoft provides further information on this anti-phishing feature at http://office.microsoft.com/en-us/outlook/HA011841931033.aspx.
The UWSPAM quarantine emails are intended to be read in HTML format.
Once an HTML email is moved to the Microsoft Outlook Junk email folder, the HTML formatting and capabilities are removed (this is by design for the sake of security and cannot be changed), which makes these emails unmanageable. To be able to read the UWSPAM quarantine emails as they were intended, move them back to your Inbox.
It may take a few minutes (up to 10 or 15) before a message that is released from spam blocking appears in your Inbox.
You may experience different behaviors depending on your email client. In Microsoft Outlook, the message will be time stamped with the time that it was delivered to your Inbox after being released from quarantine. Inside the message, you will see the original date and time that the message was sent. In other email clients, messages may retain the original received date. If it is older than other messages in your Inbox, you may want to search further down the list of email messages if you sort by the Received column. Additionally, if you have any spam filtering rules set up or are using the built-in Microsoft Outlook Junk email filters, it may be automatically filtered to your Junk email or Spam folder.
Reviewed: 0207 By: CD
Additional help with the installation and configuration of
UW-supported software is available:
Contact your IT user consultant
Contact the IT Help Desk at 766-HELP (4357), option 1
Contact the IT Help Desk at 766-HELP (4357), option 1
Come to the student computer lab in the lobby of the
Information Technology Center.